CLAIMS 



Claims 6-46 remain in the application. Claims 6-9, 31-39, and 43-45 have been 
amended. No claims have been cancelled. Claims 47-54 have been added. 

Listing of Claims: 

1-5. (Canceled). 

6. (Currently Amended) A network device comprising: 
at least one processor; 

memory; 
I/O; and 

at least one virtual router in the memory, said at least one first virtual router 
including a first network interface , wherein the at least one virtual router is associated to 
an unique network domain ; 

a first sub-interface data structure in the memory; and 

a first binding data structure in the memory which binds the first network interface 
to the first sub-interface data structure. 

7. (Currently Amended) The network device of claim 6 wherein, 
the first network interface is a layer 3 network interface; 



ATTORNEY'S DOCKET NO. 4906.P001D 



2 



App.No. 10/020,388 



the first sub-interface data structure is a layer 2 interface data structure; and 
the first binding data structure is layer 2/3 binding structure which binds the first 
layer 3 network interface to the layer 2 interface data structure. 

8. (Currently Amended) An electronic memory encoded with: 

at least one virtual router, said at least one first virtual router including a first 
network interface, where the at least one virtual router is associated to an unique network 
domain ; 

a first sub-interface data structure; and 

a first binding data structure which binds the first network interface to the first 
sub-interface data structure. 

9. (Currently Amended) The electronic memory of claim 8 wherein: 
the first network interface is a layer 3 network interface; 

the first sub-interface data structure is a layer 2 interface data structure; and 
the first binding data structure is a layer 2/3 binding data structure which binds the 
first layer 3 interface to the first layer 2 interface data structure. 

10. (Previously Presented) A method of creating a link in at least one network domain 
comprising: 

providing a network device including an electronic memory encoded with at least 
one virtual router which includes at least one network interface; 
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providing at least one sub-interface data structure encoded in the electronic 
memory; and 

binding the at least one network interface to the at least one sub-interface data 
structure. 

1 1 . (Original) The method of claim 10 wherein binding includes creating a binding 
data structure that binds the at least one network interface to the at least one sub-interface 
data structure. 

12. (Original) The method of claim 10 further comprising: 

providing at least one other network interface encoded in the electronic memory; 
and 

binding the at least one other network interface to the at least one sub-interface 
data structure. 

13. (Original) The method of claim 12 further including: 

eliminating the binding of the at least one network interface to the at least one 
sub-interface data structure. 

14. (Original) The method of claim 10 further comprising: 

providing at least one other sub-interface data structure encoded in the electronic 
memory; and 
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binding the at least one network interface to the at least one other sub-interface 
data structure. 

15. (Original) The method of claim 14 further including: 

eliminating the binding of the at least one network interface to the at least one 
sub-interface data structure. 

1 6. (Original) The method of claim 1 0, 

wherein binding the at least one network interface to the at least one sub-interface 
data structure includes creating a binding data structure that binds the at least one network 
interface to the at least one sub-interface data structure; and further including: 

providing at least one other network interface encoded in the electronic memory; 

binding the at least one other network interface to the at least one sub-interface 
data structure; 

wherein binding the at least one other network interface to the at least one sub- 
interface data structure includes creating a binding data structure that binds the at least 
one other network interface to the at least one sub-interface data structure; and 

eliminating the binding of the at least one network interface to the at least one 
sub-interface data structure while leaving the at least one network interface intact. 

17. (Original) The method of claim 10, 
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wherein binding the at least one network interface to the at least one sub-interface 
data structure includes creating a binding data structure that binds the at least one network 
interface to the at least one sub-interface data structure; and further including: 

providing at least one other network interface encoded in the electronic memory; 

providing the at least one other sub-interface data structure encoded in electronic 
memory; 

binding the at least one other network interface to the at least one other sub- 
interface data structure; 

wherein binding the at least one network interface to the at least one other sub- 
interface data structure includes creating a binding data structure that binds the at least 
one network interface to the at least one other sub-interface data structure; 

binding the at least one other network interface to the at least one other sub- 
interface data structure; 

wherein binding the at least one other network interface to the at least one other 
sub-interface data structure includes creating a binding data structure that binds the at 
least one other network interface to the at least one other sub-interface data structure; 

eliminating the binding of the at least one network interface to the at least one 
sub-interface data structure while leaving the at least one network interface intact. 

18. (Previously Presented) A method of creating a link in a network domain 
comprising: 
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providing a network device including an electronic memory encoded with a first 
virtual router which includes at least one first network interface and with a second virtual 
router which includes at least one second network interface; 

providing at least one first sub-interface data structure encoded in the electronic 
memory; 

providing at least one second sub-interface data structure encoded in the electronic 
memory; 

binding the at least one first network interface to the at least one first sub-interface 
data structure; and 

binding the at least one second network interface to the at least one second sub- 
interface data structure. 

1 9. (Original) The method of claim 1 8 wherein, 

binding the at least one first network interface to the at least one first sub-interface 
data structure includes creating a first binding data structure; and 

binding the at least one second network interface to the at least one second sub- 
interface data structure includes creating a second binding data structure. 

20 (Original) The method of claim 1 8 further including: 

binding the at least one second network interface to the at least one first sub- 
interface data structure; and 
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eliminating the binding of the at least one second network interface to the at least 
one second sub-interface data structure. 

21 . (Previously Presented) The method of claim 1 8 further including: 
providing respective first and second network databases associated with the 

respective first and second virtual routers wherein such respective first and second 
databases include one or more types of control information used to manage or monitor 
operations, selected from the group consisting of: network (layer 3) addressing, layer 3 
connections, routing, routing protocols, route filters and policies, tunneling, tunneling 
protocols. 

22. (Previously Presented) The method of claim 18 further including: 
providing respective first and second network databases associated with the 

respective first and second virtual routers wherein such respective first and second 
databases include control information used to manage or monitor operations, selected 
from the group consisting of: network (layer 3) addressing, layer 3 connections, routing, 
routing protocols, route filters and policies, tunneling, tunneling protocols; 

binding the at least one first network interface to the at least one first sub-interface 
data structure includes creating a first binding data structure; and 

binding the at least one second network interface to the at least one second sub- 
interface data structure includes creating a second binding data structure. 
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23. (Previously Presented) The method of claim 18 further including: 
providing respective first and second network databases associated with the 

respective first and second virtual routers wherein such respective first and second 
databases include one or more types of control information used to manage or monitor 
operations, selected from the group consisting of: network (layer 3) addressing, layer 3 
connections, routing, routing protocols, route filters and policies, tunneling, tunneling 
protocols; 

binding the at least one first network interface to the at least one first sub-interface 
data structure includes creating a first binding data structure; 

binding the at least one second network interface to the at least one second sub- 
interface data structure includes creating a second binding data structure; 

binding the at least one second network interface to at least one first sub-interface 
data structure; and 

eliminating the binding of the at least one second network interface to the at least 
one second sub-interface data structure. 

24. (Previously Presented) A method of creating links between multiple subscriber 
end stations and multiple network domains comprising: 

providing a network device including an electronic memory encoded with 
multiple respective virtual routers, said respective virtual routers including respective 
corresponding network databases which include respective control information, said 
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respective virtual routers respectively each including at least one respective network 
interface for a respective network domain; 

providing respective subscriber records in an electronic memory that 
include respective information as to network domains to which respective subscriber end 
stations of respective subscribers may access; 

providing multiple respective sub-interface data structures in the electronic 
memory respectively associated with respective subscribers; 

searching respective subscriber records to identify respective network 
domains that may be accessed by a respective subscriber end station of a respective 
subscriber; and 

creating respective binding data structures that respectively bind respective 
sub-interface data structures respectively associated with respective subscribers to 
respective network interfaces for respective network domains identified from searching 
respective subscriber records. 



25. (Original) The method of claim 24 further including: 

providing respective subscriber authentication information and respective 

subscriber authorization information in respective subscriber records; 

providing subscriber authentication and authorization services; and 
authenticating and authorizing subscriber access to respective network domains 

using respective subscriber records and the subscriber authentication and authorization 

services. 
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26. (Original) The method of claim 24 wherein, 

the multiple respective sub-interface data structures include multiple respective 
virtual circuits. 

27. (Original) The method of claim 24 further including: 

providing in respective subscriber records multiple possible network domain 
binding options for a respective subscriber. 

28. (Original) The method of claim 24 wherein, 

information in respective subscriber records identify multiple respective possible 
network domains to which respective subscriber end stations of respective subscribers 
may be bound; and 

information in respective subscriber records provide respective criteria for 
selecting between multiple respective network domains for a respective subscriber. 

29. (Previously Presented) A subscriber management system comprising: 

a network device including an electronic memory encoded with multiple 
respective virtual routers in the memory, said respective virtual routers including 
corresponding respective network databases which include respective control 
information, said respective virtual routers respectively including at least one respective 
network interface to a respective network domain; 
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respective subscriber records in an electronic memory that include respective 
information as to network domains to which respective subscriber end stations of 
respective subscribers may be bound; 

multiple respective sub-interface data structures in the electronic memory 
respectively associated with respective subscribers; 

a computer program in electronic memory that searches respective subscriber 
records to identify respective network domains that may be accessed by respective 
subscriber ends stations of respective subscribers; and 

respective binding data structures that respectively bind respective sub-interface 
data structures associated with respective subscribers to respective network interfaces to 
respective network domains identified from searching respective subscriber records. 

30. (Original) The system of claim 29 wherein, 

information in respective subscriber records identify multiple respective possible 
network domains to which respective subscriber end stations of respective subscribers 
may be bound; and 

information in respective subscriber records provide respective criteria for 
selecting between multiple respective network domains for respective subscribers. 

3 1 . (Currently Amended) A network device comprising: 
at least one processor; 

memory; 
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I/O; 

at least one virtual bridge in the memory, said at least one first virtual bridge 
including a first network interface; 

a first sub-interface data structure in the memory; and 

a first binding data structure in the memory which binds the first network interface 
to the first sub-interface data structure. 

32. (Currently Amended) The network device of claim 3 1 wherein, 
the first network interface is a layer 2 network interface; 

the first sub-interface data structure is a layer 2 interface data structure; and 
the first binding data structure is layer 2/2 binding structure which binds the first 
layer 3- 2 network interface to the layer 2 interface data structure. 

33 . (Currently Amended) An apparatus comprising: 
a single network device including, 

a set of one or more processors; 

a first physical interface, the first physical interface coupled to a network; 

and 

a machine-readable medium having stored therein a set of instructions to 
cause the set of one or more processors to instantiate a first virtual router comprising a 
network interface and a first database, to instantiate a second virtual router comprising a 
network interface and a second database, and to bind with a data structure the first virtual 
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router network interface to the first physical interface, wherein the first virtual router 
routes packets according to the first database within a first network domain through the 
first virtual router network interface and the first physical interface, and wherein the 
second virtual router routes packets according to the second database within a second 
network domain. 

34. (Currently Amended) The apparatus of claim 33, further comprising: 

a second physical interface, the second physical interface coupled to the network, 
wherein the set of instructions further causes the single network device to bind with 
another data structure the second virtual router network interface to the second physical 
interface , and wherein and the second virtual router routes packets through the second 
virtual router network interface and the second physical interface. 

35. (Currently Amended) An apparatus comprising: 
a single network device including, 

a set of one or more processors; and 

a machine-readable medium having stored therein a set of instructions to 
cause the set of one or more processors to instantiate a first virtual router comprising a 
network interface and a first database, to instantiate a second virtual router comprising a 
network interface and a second database, and to bind with a data structure the first virtual 
router network interface to a first virtual circuit, wherein the first virtual router routes 
packets according to the first database within a first network domain through the first 
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virtual router network interface and the first virtual circuit , and wherein and the second 
virtual router routes packets according to the second database within a second network 
domain. 

36. (Currently Amended) The apparatus of claim 35, further comprising: 

a second virtual circuit, the second virtual circuit coupled to the network, wherein 
the set of instructions further causes the single network device to bind with another data 
structure the second virtual router network interface to the second virtual circuit , and 
wherein and the second virtual router routes packets through the second virtual router 
network interface and the second virtual circuit. 

37. (Currently Amended) An apparatus comprising: 
a single network device including, 

a set of one or more processors; and 

a machine-readable medium having stored therein a set of instructions to 
cause the single network device to instantiate a first virtual bridge comprising a network 
interface and a first database, to instantiate a second virtual bridge comprising a network 
interface and a second database, and to bind with a data structure the first virtual bridge 
network interface to a first virtual circuit, wherein the first virtual bridge switches packets 
according to the first database within a first network domain through the first virtual 
bridge network interface and the first virtual circui t, and wherein and the second virtual 
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bridge switches packets according to the second database within a second network 
domain. 

38. (Currently Amended) The apparatus of claim 37, further comprising: 

a second virtual circuit, the second virtual circuit coupled to the network, wherein 
the set of instructions further causes the single network device to bind with another data 
structure the second virtual bridge network interface to the second virtual circuit , and 
wherein and the second virtual bridge switches packets through the second virtual bridge 
network interface and the second virtual circuit. 

39. (Currently Amended) An apparatus comprising: 
a single network device including, 

a set of one or more processors; 

a first plurality of ports to communicate packets of a plurality of 

subscribers subscrib e r ; 

a second plurality of ports to communicate packets; and 

a machine-readable medium having stored therein a set of instructions to 

cause the set of processors to, 

instantiate a plurality of virtual network machines, wherein the 
plurality of virtual network machines are virtually independent but share a 
set of physical resources within the single network device, wherein each of 
the plurality of virtual network machines is one of a virtual router and a 
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virtual bridge, and wherein each of the plurality of virtual network 
machines belong to a network domain, 

receive subscriber records associated with the plurality of 
subscribers, wherein each of the plurality of subscribers are associated 
with a virtual circuit on one of the first plurality of ports, wherein each of 
the first and second plurality of ports is associated with one or more sub- 
interfaces, and wherein each of the virtual circuits is associated with one 
of the sub-interfaces associated with the one of the first plurality of ports 
that the virtual circuit is on, and 

dynamically bind a set of one or more network interfaces of each of 
the virtual network machines to a set of one or more of the sub-interfaces, 
such that each of the virtual circuits is communicatively coupled with one 
of said plurality of virtual network machines based on the subscriber 
record of the subscriber associated with that virtual circuit and such that at 
least some of the virtual network machines are communicatively coupled 
to one of the second plurality of ports, wherein the bindings are 
represented with a plurality of data structures. 

40. (Previously Presented) The apparatus of claim 39, wherein the set of instructions 
further causes the set of processors to retrieve the subscriber records from a server that 
runs authentication, authorization, and accounting protocols. 
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41 . (Previously Presented) The apparatus of claim 39, wherein the set of instructions 
further causes the set of processors to change the binding of one of the virtual circuits to a 
different one of said plurality of virtual network machines, wherein the binding change is 
based on the subscriber's subscriber record. 

42. (Previously Presented) The apparatus of claim 41, wherein the binding change is 
based on time of day. 

43. (Currently Amended) The apparatus of claim 39, wherein the set of instruction 
instructions further causes the set of processors to, 

bind one of the network interfaces associated with a first of the plurality of virtual 
network machines to a sub-interface for a first virtual circuit associated with a first port of 
one of the first and second plurality of ports, and 

bind one of the network interfaces associated with a second of the plurality of 
virtual network machines to a sub-interface for a second virtual circuit associated with the 
first port. 

44. (Currently Amended) The apparatus of claim 39, wherein the set of in s truction 
instructions further causes the set of processors to, 

bind one of the network interfaces associated with a first of the plurality of virtual 
network machines to a sub-interface for a first virtual circuit associated with a first port of 
one of the first and second plurality of ports, and 
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bind another one of the network interfaces associated with the first of the plurality 
of virtual network machines to a sub-interface for a second virtual circuit associated with 
the first port. 

45. (Currently Amended) The apparatus of claim 39, wherein the set of instruction 
instructions further causes the set of processors to forward, within the network domains to 
which the virtual network machines belong, packets received over the virtual circuits 
communicatively coupled with the virtual network machines out the second plurality of 
ports. 

46. (Previously Presented) The apparatus of claim 45, wherein the second plurality of 
ports is communicatively coupled to different ones of service providers and different 
virtual network machines have access to the different ones of the service providers. 

47. (New) An apparatus comprising: 
a single network device including, 

a set of one or more processors; 

a plurality of ports to communicate a plurality of independent information 
flows of packets through the single network device between a plurality of end stations; 
and 

a machine-readable medium having stored therein a set of instructions to 
cause the set of processors to, 
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instantiate a plurality of virtual network machines to forward the 
plurality of information flows through the single network device, wherein 
the plurality of virtual network machines are virtually independent but 
share a set of physical resources within the single network device, wherein 
each of the plurality of virtual network machines is one of a virtual router 
and a virtual bridge, wherein the plurality of virtual network machines 
belong to different network domains with accounting for different 
administrative authorities, wherein each of the virtual network machines 
include one or more network interfaces, and wherein each of the plurality 
of ports is associated with one or more sub-interface data structures, and 

dynamically bind, with a plurality of binding data structures, the 
network interfaces of each of the virtual network machines to different 
ones of the sub-interface data structures to couple each of the plurality of 
information flows to a currently appropriate one of the plurality of virtual 
network machines based on current authorization of that information flow, 
and wherein the bindings are dynamic based on a change in the 
authorization of each of the plurality of information flows. 

48. (New) The apparatus of claim 47, wherein the set of instructions further causes 
the set of processors to receive records associated with a plurality of virtual circuits, and 
each of the virtual circuits is communicatively coupled with one of said plurality of 
virtual network machines based on the record associated with that virtual circuit. 
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49. (New) The apparatus of claim 48, wherein the set of instructions further causes 
the set of processors to retrieve the records frQm a server that runs authentication, 
authorization, and accounting protocols. 

50. (New) The apparatus of claim 48, wherein the set of instructions further causes 
the set of processors to change the binding of one of the virtual circuits to a different one 
of said plurality of virtual network machines, wherein the binding change is based on the 
record associated with the virtual machine. 

5 1 . (New) The apparatus of claim 47, wherein the binding change is based on time of 
day. 

52. (New) The apparatus of claim 47, wherein the set of instructions further causes 
the set of processors to, 

bind one of the network interfaces associated with a first of the plurality of virtual 
network machines to a sub-interface data structure for a first virtual circuit associated 
with a first port of one of the plurality of ports, and 

bind one of the network interfaces associated with a second of the plurality of 
virtual network machines to a sub-interface data structure for a second virtual circuit 
associated with the first port. 
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53. (New) The apparatus of claim 47, wherein the set of instructions further causes 
the set of processors to, 

bind one of the network interfaces associated with a first of the plurality of virtual 
network machines to a sub-interface data structure for a first virtual circuit associated 
with a first port of one of the plurality of ports, and 

bind another one of the network interfaces associated with the first of the plurality 
of virtual network machines to a sub-interface data structure for a second virtual circuit 
associated with the first port. 

54. (New) The apparatus of claim 47, wherein the binding change for one of the 
plurality of information flows is based on change in service associated with the 
information flow. 



Attorney's Docket No. 4906.P001D 



22 



App.No. 10/020,388 



